Wednesday, May 25, 2011

OVD 11g LDAP Error 2 : Bad LDAP Filter

Hi everyone, just a quick post on an issue I encountered with OVD 11g (11.1.1.2) and how it handles LDAP filtering.

For this post let’s use the following DN as our example:

“cn=OVD (11g), dc=us, dc=oracle, dc=com”

This is a perfectly valid DN; however, DNs containing parentheses have been found to cause problems in OVD. In the logs you may see “Bad LDAP Filter” errors:

! com.octetstring.vde.util.DirectoryException: LDAP Error 2 : Bad LDAP Filter.
    at com.octetstring.vde.util.ParseFilter.parse(ParseFilter.java:291)…

Monday, May 23, 2011

Error message "Can not resolve hostname for interface any" from opmnctl

I ran into a problem with opmnctl on one of the many virtual machines and I know that someone else out there will have the same problem. This was a machine with the Identity Management bits (OID, OVD and OIF) that I had just patched up to 11.1.1.5. When I went to start the servers after applying the patch I got an error:

[oracle@dwrc4 ~]$ opmnctl status
Can not resolve five.oracleateam.com for interface any
opmnctl status: opmn is not running.

I dug into the issue and it turned out that the cause of the problem is that the machine was configured to use DHCP and the hosts file had the 127.0.0.1 associated with both the hostname and localhost. So something like this:

127.0.0.1      five.oracleateam.com five localhost.localdomain localhost
::1            localhost6.localdomain6 localhost6

I was able to resolve the issue by changing /etc/hosts to the following:

127.0.0.1      localhost.localdomain localhost
10.99.2.112    five five.oracleateam.com

Of course this means that each time the IP address changes you'll need to update the hosts file.

You know me - "Never do anything manually if you can automate it" so I wrote an init script to update the hosts file automatically each time the VM boots. If you want that script let me know in the comments.
I also opened a bug (number 12530765) to track the issue. You can follow up with support on that bug to see when it will be patched.

Note: this issue will probably apply to any of the 11.1.1.5 related patches with opmn including OHS.

If you want a copy of the script you can get it at GitHub
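
The boot-time fix described in this post could look like the following. This is an added example, not the author's script from GitHub; the function names and the sample file are constructed, and the caller is assumed to supply the address DHCP assigned.

```shell
# Added example, not the author's script. Function names are hypothetical.

sample_hosts() {
    cat <<'EOF'
# constructed sample, modelled on the broken hosts file in the post
127.0.0.1      five.oracleateam.com five localhost.localdomain localhost
::1            localhost6.localdomain6 localhost6
EOF
}

# hostname_on_loopback FILE FQDN: succeed if FQDN is named on a 127.x or ::1 line.
hostname_on_loopback() {
    awk -v fqdn="$2" '
        $1 ~ /^127\./ || $1 == "::1" {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break          # rest of the line is a comment
                if ($i == fqdn) found = 1
            }
        }
        END { exit !found }
    ' "$1"
}

# fix_hosts FILE FQDN SHORT IP: print FILE with the host's names removed from
# every entry and one "IP SHORT FQDN" line appended (same order as the post).
fix_hosts() {
    awk -v fqdn="$2" -v short="$3" -v ip="$4" '
        NF == 0 || $1 ~ /^#/ { print; next }  # keep blank and comment lines
        {
            line = $1; names = 0; comment = 0
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) comment = 1
                if (!comment) {
                    if ($i == fqdn || $i == short) continue
                    names++
                }
                line = line (names == 1 && !comment ? "\t" : " ") $i
            }
            if (names > 0) print line         # drop entries left without a name
        }
        END { print ip "\t" short " " fqdn }
    ' "$1"
}

# Demo on the constructed sample; a boot script would pass /etc/hosts instead.
tmp=$(mktemp) && sample_hosts > "$tmp"
hostname_on_loopback "$tmp" five.oracleateam.com &&
    fix_hosts "$tmp" five.oracleateam.com five 10.99.2.112
rm -f "$tmp"
```

Because the host's old entry is removed before the new one is appended, running it again after an address change leaves exactly one entry for the host.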

Thursday, May 5, 2011

Live Webcast: A Year After Sun Acquisition – The 360 on Oracle Identity Management

I'd like to let our readers know about an upcoming webcast that you all may be interested in.

Wednesday, May 25th at 10 am PDT / 1 pm EDT

A year after Sun acquisition, a live presentation and conversation with an Oracle / Sun customer.

A unique opportunity for our prospects and existing Sun customers to hear from TELUS, an Oracle Sun customer, about not only their IDM implementation but also their experience through the transition and since. Attendees can also get their questions answered live by Oracle’s senior IDM product and delivery experts.

Attendees will learn:

• How to build a successful implementation strategy and a scalable Identity Management model

• Highlights of Oracle / Sun Identity Management roadmap

• Why Oracle is considered a leader in Identity Management today

• Best practice recommendations from their peer user

When: Wednesday, May 25th at 10 am PDT / 1 pm EDT


Tuesday, May 3, 2011

Using Avahi/Bonjour to find VNC servers on your local network

This is off topic, but I need to write it down somewhere.

On my home network I have a VNC server running on an Oracle Enterprise Linux box. Since I use DHCP it's not uncommon for the DHCP server to assign a different IP address to the machine each time I bring the machine online. To find the machine's IP address I either have to attach to the console and log in to run "/sbin/ifconfig eth0" or use nmap.

Wouldn't it be great if I could just open my VNC client and have the server just show up in the list?

Yes you can. And the trick is a technology called Zeroconf implemented in a daemon named Avahi on Linux.

In my env I run VNC on :1 (TCP port 5901) so all I had to do was put the following in /etc/avahi/services:

<?xml version="1.0" standalone='no'?>
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
  <name replace-wildcards="yes">%h</name>
  <service>
    <type>_rfb._tcp</type>
    <port>5901</port>
  </service>
</service-group>

Then when I fire up my VNC client this shows up:

(This is from Chicken of the VNC on a Mac.)

Hope this helps someone else!